Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 25125 through 25134.

To subscribe to the VRT's newest rule detection functionality, personal users can sign up for as low as $29 US dollars a year; be sure to see our business pricing as well at http://www.snort.org/store. Make sure to stay up to date to catch the most emerging threats!

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 64 new rules and made modifications to 33 additional rules, in what will most likely be the last update of the year.

Monday, December 17, 2012

We welcome the introduction of the newest rule release for today from the VRT. In this release we introduced 10 new rules and made modifications to 9 additional rules.

There were no changes made to the snort.conf in this release.

In VRT's rule release:

The Sourcefire VRT has added and modified multiple rules in the
blacklist, file-flash, file-identify, file-other, malware-backdoor and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 1, SID 24956.

Microsoft Security Bulletin MS12-078:
The Microsoft Windows Adobe Type Manager font driver (ATMFD) contains a
programming error that may allow a remote attacker to cause a Denial of
Service (DoS) against an affected system.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 24971.

Microsoft Security Bulletin MS12-079:
Microsoft Word contains a programming error that may allow a remote
attacker to execute code on an affected system via a specially crafted
rich text file.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 24974 and 24975.

Microsoft Security Bulletin MS12-081:
The Microsoft Windows operating system contains a programming error
that may allow a remote attacker to execute code on an affected system
via a specially crafted file name.

A rule to detect attacks targeting this vulnerability is included in
this release and is identified with GID 3, SID 24973.

Microsoft Security Bulletin MS12-082:
Microsoft DirectPlay contains a programming error that may allow a
remote attacker to execute code on an affected system.

Rules to detect attacks targeting this vulnerability are included in
this release and are identified with GID 1, SIDs 24957 through 24970.

Wednesday, December 5, 2012

Many thanks to one of our very dedicated Snort Community members, William Parker. In his guides (also posted on the documentation page of Snort.org) he has embedded some Snort Startup scripts.

Because some people are having problems copying and pasting out of the PDF documentation, Mr. Parker put these startup scripts in their own files and sent them to me. I created a special section on Snort.org/docs just for startup scripts, and they are all there!

* Changed logic of option evaluations for shared library rules that
use a custom evaluation function to match that of the builtin logic
when the NOT_FLAG is used. The 'NOT' matching now happens within
each of the individual rule option evaluation functions.

* Updated SMTP preprocessor to better handle commands that have
corresponding data on a subsequent line to reduce false positives.
3 commands fall into this category - X-EXPS, XEXCH50, and BDAT.

* Improve support for encapsulated & tunneling protocols to block or
fastpath a connection within the tunnel rather than applying that to
the whole tunnel.
